question Is there a parking service that supports https?

[Dimitar Nestorov]

Google Chrome refuses to visit the new .app domains without https

 

[DAN.COM]

SSL Secured for sale pages have landed in the domain industry! Brought to you by Undeveloped:

https://selldomains.app/

All .app domains you'll park with us will now have SSL enabled! We're now rolling out SSL to all extensions gradually to avoid any issues causing for example downtime.

SSL support for .com's will be launched last and I expect that'll happen before Friday.

What do we expect this new feature will do for you?

1: More sales (fewer Chrome users will bump into security blocks)

2: Better ranking in Google (Your for sale pages will get indexed significantly better according to our SEO advisors)

Happy selling!

Reza

 

[Donny]

There will not be any parking companies that support SSL. Let's encrypt is a great idea, but you have to load every certificate on every box. Let's say you have 30 servers and 2,000,000 domains. Do you know how long apache or nginx would take to reload when a new cert is added?

We looked into it and tried. It's not worth it.

Donny

 

[Donny]

Let me know when you can add four or five million.

I'll wait...

Donny

 

[DAN.COM]

We're currently working on a solution and might be able to introduce SSL on over 1M domains. If the negotiations go well this week we might be able to introduce SSL secured for sale pages next week.

To be continued...

 

[Dimitar Nestorov]

Every SSL-certificate is bound to certain domain.
I don't see how this can be implemented by parking companies... because they must set up the separate SSL-certificate on their webservers per each domain...

LetsEncrypt, it's 100% automatable. Also Comodo have their variant of LetsEncrypt.

 

[Jurgen Wolf]

The only one solution today - URL forwarding to another destination...
But don't try to forward your .app domain to another parked domain - in terms of monetization this is prohibited by Google and will be banned.

 

[Dimitar Nestorov]

Are you saying that you can't parking .app domains?
Just curious because I don't own any .app

It's not that you can't. But only certain browsers will be able to visit the website (Safari, Edge, Firefox ESR, and Chrome on iOS as far as I know)

 

[Donny]

undeveloped.com uses a redirection option to undeveloped.com for your domain.

It doesn't get it's own ssl cert.

Donny

 

[Jurgen Wolf]

The only one solution today - URL forwarding to another destination...
But don't try to forward your .app domain to another parked domain - in terms of monetization this is prohibited by Google and will be banned.

I have regged 1 .app for $12 at 1and1 just to test it...
Then activated SSL-certificate per this domain and URL forwarding to Epik marketplace listing... because .app is unsupported on Sedo at all (invalid domain).
And it works as expected...

 

[Donny]

You can redirect a .app domain, but you can't redirect to a different domain that is parked somewhere. That they won't like.

Donny

 

[un1]

Here is described how to move the domains between your contracts:

thanks for detailed description.

by the way, i received a message from undeveloped:

Hi,
Google forces HTTPS even before the redirect in Chrome for .app domains. We're currently negotiating a deal to get SSL on more than 1M parked domains. Once we got a deal we can implement SSL on all landers to avoid this issue.
Kind regards,

I guess this issue will be resolved soon.

 

[Donny]

@matt_bodis - Yeah, it's a little tough to deal with, since each of us have load balancers, you would have to put the cert on each server. And adding a single name would require you to add the new cert and reload apache or nginx, with so many certs it's really slow.

Not sure how possible this is going to be anytime soon.

Hope you are feeling better.

Donny

 

[branding]

Lets encrypt is the way to go. Any 'real' hosting company is offering that for free already. Letsencrypt is easy to integrate in Cpanel for instance so I'd imagine it wouldn't be too hard to integrate in a custom backend.

You can just automate the process so when someone adds a domain a certificate will be issued and configured instantly. I'm not sure if it's still the case but they (letsencrypt) did have a maximum request per day(?) per ip requesting it. Also, the domain should already be using the correct nameservers.

The huge number of domains shouldn't be an issue either. You'd be surprised how many domains are running on a single server anyway and introducing SSL to the config shouldn't add too much additional overhead.

Like mentioned before, cloudflare would also be a viable solution. Not free however and overall less trusted because of the way their encryption chain works. Anyhow, you could integrate cloudflare (using their API) in your backend and you'll be done. Best to reach out to them if you'd want to go that option. Big plus might be their DDOS protection, not sure if that's a thing for parking services.

Anyway, It can easily be done and it definitely is something that should be tackled in this industry in the near future.

 

[Donny]

How about you get @matt_bodis to pay you, and then we will just copy what he does?

One of my employees does run a hosting company at night and I had him look into mass SSL certs with letsencrypt and he determined that it just wasn't possible. That doesn't mean that it won't be at some point. But the rate limits set by letsencrypt would be too high right now.

Donny

 

[Donny]

Nameservers have nothing to do with SSL. It's all done on the webserver.

Donny

 

[DAN.COM]

@Michael M, Cough, don't see it yet. Turn your head to the left... And Cough please.

Donny

We now have SSL on over 1.100.000 domains that are parked with us. If you're interested, ping me, we're more than happy to share how we cracked it eventually as it wasn't easy.

 

[Jurgen Wolf]

Are you saying that you can't parking .app domains?
Just curious because I don't own any .app

Yes, .app can't be parked for monetization (because this doesn't work technically, lack of SSL using parking companies).

 

[matt_bodis]

There will not be any parking companies that support SSL. Let's encrypt is a great idea, but you have to load every certificate on every box. Let's say you have 30 servers and 2,000,000 domains. Do you know how long apache or nginx would take to reload when a new cert is added?

We looked into it and tried. It's not worth it.

Donny

Guess I missed this post. Thanks Donny for saving us a ton of time.

 

[Michael M]

@matt_bodis - Yeah, it's a little tough to deal with, since each of us have load balancers, you would have to put the cert on each server. And adding a single name would require you to add the new cert and reload apache or nginx, with so many certs it's really slow.

Not sure how possible this is going to be anytime soon.

Hope you are feeling better.

Donny

When there is a will, there is a way. I would imagine all the parking and registrars need to get this figured out for a landing page to be possible on .app without technical knowledge from domainers or an external solution they may be hesitant to use.

Also keep in mind the entire web is going towards SSL, so this is coming guys. Landing/Parking/Registrars need to get this figured out on their level.

 

[matt_bodis]

@Donny - thanks. You make some great points. And yeah getting there.

@Michael M - very true indeed. The future definitely is in HTTPS. Actually, as with .app domains, even the present is now with HTTPS. So a solution is definitely required either sooner or later.

It won't hurt for us to look into it while taking all of Donny's great points into account.

 

[Kate]

LetsEncrypt will be hard to scale for thousands of domains.
In fact, setting up SSL is not the problem, the problem is to gather the private certificates and automate the deployment.

And it also depends on the verification to be performed. For example in a simple domain validation scenario, the certificate will often be delivered to an E-mail address under the same domain like postmaster. Or it has to be fetched by the domain holder on the the certificate authority's website. So the parking company can't do that because they have no control.

If you have a server, you could host the domains yourself though. Just need to automate the LetsEncrypt part.

.app is definitely going to be a challenge for domainers.

It reminds me when people were buying .tel domains to find out they couldn't park them

 

[Dimitar Nestorov]

Letsencrypt is easy to integrate in Cpanel for instance so I'd imagine it wouldn't be too hard to integrate in a custom backend.

cPanel partnered with Comodo to release a feature called AutoSSL. Basically the same as LetsEncrypt but the issuer is Comodo. I used to have LetsEncrypt in my cPanel and then one day it disappeared.

I made a reverse IP lookup on my website and found 785 websites hosted on our IP address. Cool thing is that I tried a bunch of them by manually writing https in the address bar and they all resolved with

Issued by: cPanel, Inc. Certification Authority

Which means that my hosting provider has SSL setup for 785 domains just on that server. If cPanel can do it, so can you!

 

[Michael M]

Let me know when you can add four or five million.

I'll wait...

Donny

Pay me well if i succeed at creating nameservers and web presence that can do that and forward all your domains and I will start tonight.

 

[Donny]

Cloudflare bought their own CA. This is why they can offer universal SSL. I think any parking company would offer ssl if it was possible and still profitable. Buying an SSL cert for every parked domain isn't a reality.

I would give you a Google lava lamp and two packs of bubble gum.

Donny

 

[Donny]

And their DNS option, is really just a redirection solution in a nutshell. And we can't work with redirection.

Donny